Filtered by vendor Totolink
Subscriptions
Total
651 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-32334 | 1 Totolink | 1 N300rt | 2024-11-21 | 6.5 Medium |
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | ||||
CVE-2024-32333 | 1 Totolink | 1 N300rt | 2024-11-21 | 4.3 Medium |
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | ||||
CVE-2024-32332 | 1 Totolink | 1 N300rt Firmware | 2024-11-21 | 6.1 Medium |
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. | ||||
CVE-2024-32327 | 1 Totolink | 1 N300rt | 2024-11-21 | 5.5 Medium |
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. | ||||
CVE-2024-32326 | 1 Totolink | 1 Ex200 | 2024-11-21 | 6.8 Medium |
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. | ||||
CVE-2024-32325 | 1 Totolink | 1 Ex200 | 2024-11-21 | 2.4 Low |
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. | ||||
CVE-2024-31815 | 1 Totolink | 1 Ex200 Firmware | 2024-11-21 | 9.1 Critical |
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh | ||||
CVE-2024-31813 | 1 Totolink | 1 Ex200 Firmware | 2024-11-21 | 8.4 High |
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. | ||||
CVE-2024-28640 | 1 Totolink | 2 A7000r Firmware, X5000r Firmware | 2024-11-21 | 7.5 High |
Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. | ||||
CVE-2024-24333 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. | ||||
CVE-2024-24332 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. | ||||
CVE-2024-24331 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. | ||||
CVE-2024-24330 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. | ||||
CVE-2024-24329 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. | ||||
CVE-2024-24328 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. | ||||
CVE-2024-24327 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. | ||||
CVE-2024-24326 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. | ||||
CVE-2024-24325 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. | ||||
CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | ||||
CVE-2024-23061 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. |